Configuring email scanning

Scanning settings for the SMTP and POP3 (Post Office Protocol 3, a protocol used by local email clients to retrieve emails from mailboxes over a TCP/IP connection) protocols are defined through this tab. If scanning is enabled for at least one of these protocols, all attachments of transmitted messages are scanned.

Individual attachments of transmitted messages are saved in a temporary directory on the local disk. When downloaded completely, the files are scanned for viruses. If no virus is found, the attachment is added to the message again. If a virus is detected, the attachment is replaced by a notice reporting the virus found.


  1. Antivirus scanning can remove only infected attachments; entire email messages cannot be dropped.
  2. For the SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network). To also check outgoing traffic (e.g. when local clients connect to an SMTP server outside the local network), define a corresponding traffic rule using the SMTP protocol inspector.

Configuring email scanning

  1. In the administration interface, go to Antivirus.
  2. On the Antivirus Engine tab, check that antivirus control is enabled and select the options Enable SMTP scanning and Enable POP3 scanning.
  3. On the Email Scanning tab, select the option Prepend subject message with text. This text informs the recipient of the message and can also be used for automatic message filtering.


Regardless of what action is set to be taken, the attachment is always removed and a warning message is attached instead.

  4. Use the TLS (Transport Layer Security, the successor to the SSL protocol, which secures communication between networks) connections section to set firewall behavior for cases where both the mail client and the server support TLS-secured SMTP or POP3 traffic. When TLS is used, an unencrypted connection is established first. The client and server then agree to switch to secure mode (an encrypted connection). If the client or the server does not support TLS, the connection is not encrypted and the traffic is transferred unsecured. If the connection is encrypted, the firewall cannot analyze it or perform an antivirus check on transmitted messages.
  5. The If an attachment cannot be scanned section defines actions to be taken if one or more files attached to a message cannot be scanned for any reason (e.g. password-protected archives, damaged files, etc.):
  • Remove the attachment from the email message: Kerio Control reacts in the same way as when a virus is detected (including all the actions described above).
  • Allow delivery of the attachment: Kerio Control behaves as if password-protected or damaged files were not infected. Generally, this option is not secure. However, it can be helpful, for example, when users attempt to transmit a large volume of compressed password-protected files (typically password-protected archives) and the antivirus is installed on the workstations.
  6. Click Apply.
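The TLS connections step above describes a session that starts unencrypted and may then switch to TLS, after which the firewall can no longer scan attachments. The following added example (not Kerio code) classifies the plaintext start of an SMTP or POP3 session by whether that switch happened, using the standard STARTTLS (SMTP) and STLS (POP3) commands. The transcript format, function names and sample sessions are constructed for illustration.

```python
import re

# Per protocol: upgrade command, success reply, capability advertisement.
# SMTP uses STARTTLS (RFC 3207); POP3 uses STLS (RFC 2595).
UPGRADE = {
    "smtp": ("STARTTLS", re.compile(r"^220[ -]"),
             re.compile(r"^250[ -]STARTTLS$", re.I)),
    "pop3": ("STLS", re.compile(r"^\+OK"), re.compile(r"^STLS$", re.I)),
}

def classify(proto, transcript):
    """Return (offered, upgraded) for the plaintext start of a session.

    transcript: list of (side, line); side "C" = client, "S" = server.
    """
    command, success, capability = UPGRADE[proto]
    offered = awaiting_reply = False
    for side, line in transcript:
        text = line.strip()
        if side == "C":
            awaiting_reply = text.upper() == command
        elif awaiting_reply:
            if success.match(text):
                return offered, True   # everything after this is TLS
            awaiting_reply = False     # upgrade refused, session stays plain
        elif capability.match(text):
            offered = True
    return offered, False

def scannable(proto, transcript):
    """True if the session stayed unencrypted, so attachments can be scanned."""
    return not classify(proto, transcript)[1]

# Constructed sample sessions (not captured traffic).
SMTP_UPGRADED = [("S", "220 mx.example.test ESMTP"), ("C", "EHLO c.example.test"),
                 ("S", "250-mx.example.test"), ("S", "250-STARTTLS"),
                 ("S", "250 SIZE 10485760"), ("C", "STARTTLS"),
                 ("S", "220 Ready to start TLS")]
SMTP_REFUSED = SMTP_UPGRADED[:6] + [("S", "454 TLS not available"),
                                    ("C", "MAIL FROM:<a@example.test>")]
SMTP_PLAIN = [("S", "220 mx.example.test ESMTP"), ("C", "EHLO c.example.test"),
              ("S", "250 mx.example.test"), ("C", "MAIL FROM:<a@example.test>")]
POP3_UPGRADED = [("S", "+OK POP3 ready"), ("C", "CAPA"), ("S", "+OK"),
                 ("S", "USER"), ("S", "STLS"), ("S", "."), ("C", "STLS"),
                 ("S", "+OK Begin TLS negotiation")]

if __name__ == "__main__":
    for name in ("SMTP_UPGRADED", "SMTP_REFUSED", "SMTP_PLAIN", "POP3_UPGRADED"):
        proto = name.split("_")[0].lower()
        print(name, classify(proto, globals()[name]))
```

Sessions reported as upgraded are the ones whose attachments bypass the firewall's antivirus check and rely on scanning at the mail server or workstation instead.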